Latest Free Tool: ConfigMgr PXE Boot Log

ConfigMgr PXE Boot Log displays PXE boot events in an easy-to-view format and provides a history of PXE boot attempts on a distribution point during a selected time period. The tool can also display any records that exist in ConfigMgr associated with a device based on its SMBIOS GUID.

Removing Disabled Computer Accounts from SCCM with PowerShell

In System Center Configuration Manager there are 2 Site Maintenance tasks that help take care of stale or obsolete client records: Delete Aged Discovery Data and Delete Inactive Client Discovery Data. However in some cases some records can remain in SCCM and are not removed by these tasks, for example, when a system is no longer active but the computer account has not been deleted or disabled in Active Directory. AD System Discovery will continue to pick this system up and create a record for it, so maintenance of AD computer accounts is essential for a healthy ConfigMgr environment.

As long as a client is disabled or deleted from Active Directory and does not get picked up by any of the discovery methods, it will eventually get deleted from SCCM according to the schedule defined in these maintenance tasks.

For computer accounts that are disabled however, you might not want to wait for the maintenance tasks to remove them since you know they are no longer active and can safely be deleted from the SCCM database. Removing them sooner can improve compliance figures for deployment reporting, for example. For this scenario, I prepared a PowerShell script that can run as a scheduled task and remove any system that is marked as inactive – or does not have the SCCM client installed – and is alsodisabled or not present in active directory.

I’ll run through the script quickly here to explain what it does.

First we define some variables to be used in the script, such as the site code, the site server, and the email information (the script will email the SCCM admin with the list of systems it deletes):

Next we check active directory for each system to find the status of the computer account and filter those that are either disabled or not present in AD using a custom function. Note that this function uses .Net to search AD so it is not dependent on having the RSAT tools installed.

This is probably happening because there are no entries returned the second time the script is invoked. Is there a way to trap this error and have the execution of the code exit out without errors if there are no hits?

This could be because only one result is being returned therefore the AddRange() method is not recognizing it as an array, therefore not technically a range. You could try casting it into an array like this: